Home About Program Values Apply Member Login
Begin Your Application

Privacy Policy

Last Updated: April 26, 2026

1. Introduction

Cohort1 ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

Because our service is designed for students ages 13-18, we take special care to comply with the Children's Online Privacy Protection Act (COPPA) and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide Directly

When you apply to join Cohort1, we collect:

  • Student Information: First name, last name, age, grade level
  • Parent/Guardian Information: First name, last name, email address
  • Additional Information: Current school, timezone, motivation for joining
  • Payment Information: Credit card details (processed securely through third-party payment processors)

2.2 Information Collected Automatically

When you visit our website, we automatically collect:

  • Device and Network Information: IP address, approximate geolocation, browser type, operating system, device or browser signals, user agent, and request metadata
  • Usage Data: Pages viewed, time spent on pages, click patterns, request path, HTTP method, timestamps, and related interaction data
  • Referral Information: How you arrived at our website, including referrer URLs, search engines, advertisements, and campaign parameters
  • Security Event Metadata: Rate-limit events, bot-detection signals, web application firewall matches, challenge or CAPTCHA outcomes, suspicious request patterns, and infrastructure request IDs
  • Cookies and Tracking: See Section 8 for details

2.3 Information from Third Parties

We may receive information from:

  • Analytics providers
  • Advertising platforms
  • Payment processors

3. How We Use Your Information

We use the information we collect to:

  • Provide Services: Process applications, administer admissions assessments, match students with cohorts, facilitate sessions
  • Communications: Send confirmation emails, program updates, and important notices
  • Payment Processing: Bill membership fees and application fees
  • Program Improvement: Analyze usage patterns, improve matching algorithms, enhance curriculum
  • Marketing: Track advertising effectiveness, optimize campaigns (with parental consent where required)
  • Legal Compliance: Comply with applicable laws and regulations
  • Safety and Security: Enforce our Code of Conduct and Terms, prevent fraud and spam, detect scraping or unauthorized automation, rate-limit abusive traffic, investigate security events, protect users, and preserve evidence of misuse

4. How We Share Your Information

We do not sell your personal information. We may share information with:

4.1 Service Providers

  • Cloud Infrastructure Providers: Data storage, email delivery, website hosting, web application firewall, bot detection, security logging, and abuse monitoring
  • Payment Processors: To process application fees and membership payments
  • Email Services: For transactional and program-related communications

4.2 Analytics and Advertising Partners

  • Analytics Providers: Website usage analytics (anonymized where possible)
  • Advertising Partners: Advertising effectiveness tracking

4.3 Legal Requirements

We may disclose information when required by law, court order, or government request, or to protect the rights, property, or safety of Cohort1, our users, or others.

4.4 Security and Abuse Response

When necessary to protect Cohort1, our users, or our rights, we may share limited abuse or security evidence with infrastructure providers, security vendors, legal counsel, law enforcement, domain registrars, hosting providers, search engines, platforms, payment providers, or other parties involved in investigating, stopping, or remediating misuse. We avoid sharing full application responses, session content, payment details, tokens, cookies, authorization headers, or other sensitive content unless legally required or necessary for the specific response.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Children's Privacy (COPPA Compliance)

Our service is designed for students ages 13-18. We comply with the Children's Online Privacy Protection Act (COPPA) for users under 13:

5.1 Parental Consent

  • We require verifiable parental consent before collecting personal information from children under 13
  • Parents must submit applications on behalf of students under 13
  • All communications regarding children under 13 are sent to the parent/guardian email

5.2 Information We Collect from Children

We collect only the minimum information necessary:

  • First name and last name
  • Age and grade level
  • Written responses during the application and assessment process
  • Audio and video recordings, and transcripts, of facilitated discussions (see Section 5.4)

5.3 Parental Rights

Parents of children under 13 have the right to:

  • Review the personal information we have collected from their child
  • Request deletion of their child's information
  • Refuse further collection or use of their child's information
  • Request a description of our data practices

To exercise these rights, contact us at hello@cohort1.org.

5.4 Session Content

Facilitated discussion sessions are recorded (audio and video) and transcribed. Recordings and transcripts are stored securely and retained as described in Section 7. Transcripts are processed in real time by our AI facilitation provider solely to generate facilitator responses during the session. Recordings and transcripts may be reviewed by Cohort1 staff for safety, quality assurance, and program improvement, and may be disclosed if required by law. We do not use session recordings or transcripts to train third-party AI foundation models, and we do not distribute them publicly.

6. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
  • Access Controls: Strict employee access limitations with role-based permissions
  • Secure Storage: Data stored in managed databases with automatic backups
  • Anti-Abuse Controls: Web application firewall rules, bot detection, silent browser challenges, rate limiting, request filtering, and security event review
  • Regular Audits: Periodic security reviews and updates

However, no system is 100% secure. We cannot guarantee absolute security but commit to promptly notifying you of any data breaches as required by law.

7. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

  • Active Members: Data retained for the duration of membership plus 7 years for financial/legal compliance
  • Applicants (Not Admitted): Application data retained for 2 years, then deleted
  • Waitlist: Waitlist data retained until you request removal or 2 years from submission
  • Security Logs: Web, firewall, rate-limit, bot-detection, and abuse-monitoring logs are generally retained for up to 400 days unless a longer period is needed to investigate misuse, preserve evidence, comply with law, or protect legal rights
  • Deletion Requests: Honored within 30 days, except where retention is required by law

8. Cookies and Tracking Technologies

8.1 What We Use

  • Essential Cookies: Required for website functionality (session management, form submission)
  • Security Technologies: Cookies, local browser signals, or challenge tokens used to distinguish legitimate browser activity from automated abuse and to enforce rate limits or web application firewall rules
  • Analytics Cookies: Used to understand site usage (anonymized where possible)
  • Advertising Cookies: Used to measure ad campaign effectiveness

8.2 Your Choices

You can control cookies through your browser settings. Disabling cookies may limit website functionality. To opt out of interest-based advertising:

  • Analytics opt-out: Use your browser privacy settings or an analytics opt-out browser add-on
  • Advertising preferences: Adjust ad personalization controls in the platforms where you see Cohort1 ads

9. Your Privacy Rights

9.1 Access and Correction

You have the right to:

  • Access the personal information we hold about you
  • Request corrections to inaccurate information
  • Request a copy of your data in a portable format

9.2 Deletion

You may request deletion of your personal information, subject to legal retention requirements.

9.3 Marketing Communications

You can opt out of marketing emails by clicking "unsubscribe" in any marketing message. You will continue to receive transactional emails necessary for the service.

9.4 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to opt out of the sale of personal information (note: we do not sell personal information)
  • Right to deletion
  • Right to non-discrimination for exercising privacy rights

9.5 European Residents (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation including:

  • Right to access, rectification, erasure, and portability
  • Right to restrict or object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

9.6 Exercising Your Rights

To exercise any of these rights, contact us at hello@cohort1.org with your request. We will respond within 30 days.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

11. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email and update the "Last Updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: hello@cohort1.org
Website: cohort1.org

For privacy-related requests (access, deletion, etc.), please include "Privacy Request" in your email subject line and provide sufficient information to verify your identity.